Current processors may provide support for a trusted execution environment such as a secure enclave. A secure enclave includes segments of memory (code and/or data) that the processor protects from unauthorized access, including unauthorized reads and writes. In particular, certain processors may include Intel® Software Guard Extensions (SGX) to provide secure enclave support. SGX provides confidentiality, integrity, and replay-protection for secure enclave data while that data is resident in platform memory, and thus protects against both software and hardware attacks. The on-chip boundary forms a natural security boundary, within which data and code may be stored in plaintext and assumed to be secure. Intel® SGX does not protect I/O data that moves across the on-chip boundary.
Trusted I/O (TIO) technology enables an application to send and/or receive I/O data securely to/from a device. This I/O data may include authentication data; for example, an I/O device may provide usernames, passwords, biometric data, or the like. In the case of biometric data, a biometric I/O device may provide, for example, a fingerprint image for a user that is compared against a biometric template containing a stored fingerprint image or other biometric data for that user in order to authenticate the user. Such biometric data and biometric templates are sensitive, personally identifiable data that may be susceptible to intrusion or attack by unauthorized individuals seeking to authenticate as the authorized user. For example, an unauthorized individual may wish to access an encrypted component (e.g., an encrypted hard drive) using authentication credentials or data obtained by unauthorized means.
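As an added example (not part of the original description, and not Intel's TIO implementation), the following model shows the integrity and replay-protection checks an enclave needs on data that crosses the on-chip boundary, so that a captured authentication sample such as a fingerprint image is rejected if modified or re-presented later. Confidentiality, which real TIO also provides, is omitted here and assumed to be supplied by authenticated encryption of the payload; the key, frame layout and names are assumptions.

```python
import hmac
import hashlib
import struct

# Constructed demo key; in a real Trusted I/O design the key is provisioned
# to the device and the enclave, never hard-coded in application code.
SHARED_KEY = b"constructed-demo-key-not-for-production"
TAG_LEN = 32  # HMAC-SHA256 output size


def seal(key: bytes, counter: int, payload: bytes) -> bytes:
    """Device side: frame = 8-byte counter || payload || HMAC-SHA256 tag.
    The tag covers counter and payload, so neither can be altered in transit."""
    header = struct.pack(">Q", counter)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class EnclaveReceiver:
    """Enclave side: verify the tag, then require a strictly increasing
    counter so an already-consumed frame cannot be replayed into the enclave."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = -1

    def open(self, frame: bytes):
        if len(frame) < 8 + TAG_LEN:
            return None  # malformed frame
        header, payload, tag = frame[:8], frame[8:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None  # integrity failure: frame was modified across the boundary
        counter = struct.unpack(">Q", header)[0]
        if counter <= self.last_counter:
            return None  # replay or stale frame: this counter was already consumed
        self.last_counter = counter
        return payload


def demo() -> dict:
    """Run the channel through the genuine, tampered, replayed and stale cases."""
    enclave = EnclaveReceiver(SHARED_KEY)
    sample = b"constructed fingerprint image bytes"  # constructed biometric payload
    frame = seal(SHARED_KEY, 1, sample)
    results = {"genuine": enclave.open(frame)}
    results["tampered"] = enclave.open(frame[:8] + b"X" + frame[9:])  # flip a payload byte
    results["replayed"] = enclave.open(frame)                          # same frame again
    results["stale"] = enclave.open(seal(SHARED_KEY, 0, sample))       # older counter
    results["next"] = enclave.open(seal(SHARED_KEY, 2, sample))        # fresh frame
    return results
```

A dropped frame is not detected by this check alone; a real channel would also bound the acceptable counter gap or acknowledge each frame.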